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EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the 
payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview with 
Joseph R. Burwell, Reg. No. 44,468 on 2/2/2005. 
L Replace claims 1,3,11,17 and 22 with: 

1. A method for executing a signed applet packaged in a given file, comprising: 

upon loading a class, determining whether a signature in the given file 
type applies to the class; 

if so, executing a verification procedure to verify the signature and the 
identity of a signer that generated the signature; 

following a successful verification, determining whether the signer is 
identified in a policy entry; 

if the signer is identified in the policy entry, populating a permission set 
for the class; 

wherein the signature is verified using a given algorithm used to sign the 
applet; and 
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wherein the step of populating the permission set for the class awards the 
class a permission as specified in the policy entry. 

3. The method as described in Claim 1 wherein the given algorithm is selected from 
the set of algorithms consisting of 
DSA/SHA1, 
RSA/MD5 and 
RSA/SHAL 

11. A method for executing a signed applet packaged in a given file, comprising: 

upon loading each class, determining whether any signatures in the given 
file applies to the class; 

if so, executing a verification procedure to verify the signature and the 
identity of a signer that generated the signature; 

following a successful verification, determining whether the signer is 
identified in a policy entry; 

if the signer is identified in the policy entry, awarding the class a 
permission as identified in the policy entry; 

responsive to a request that requires a permission, using the permission set 
for the class to determine whether the class has the permission; and 

wherein the signature is verified using a given algorithm used to sign the 

applet. 
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1 7. A computer program product on a computer readable media including computer 
usable code for use in a Java runtime environment (JRE), comprising: 

an applet class loader for loading a set of applet classes archived in a 
signed file; 

a set of signature engine classes for verifying applet class signatures; 

a security manager class callable by the applet class loader upon receipt of 
an initial request that requires a given permission and, in response thereto 
invoking a policy file class that verifies a signer based on the existence of a 
matching certificate in a set of keystores; 

wherein at least one signature engine verifies signatures using a given 
algorithm used to sign the applet classes archived in a signed file; and 

wherein for populating a permission set for the class, wherein the class is 
awarded a permission as specified in the policy file class managed by the security 
manager class. 
22. A system, comprising: 

a browser; 

a Java runtime environment; 
a set of keystores; 

an applet class loader for loading a set of applet classes archived in a 
signed file; 

a set of signature engine classes for verifying applet class signatures; 
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a security manager class callable by the applet class loader upon receipt of 
an initial request that requires a given permission and, in response thereto, 
invoking a policy file class that verifies a signer based on the existence of a 
matching certificate in the set of key stores; 

a means for populating a permission set for the class, wherein the class is 
awarded a permission as specified in a policy entry in a database managed by the 
security manager class; and 

wherein at least one signature engine verifies signatures using a given 
algorithm used to sign the applet. 

2. Cancel claims 2,4,23,24. 

Examiner's Statement of Reasons for Allowance 

3. Claims 1,3,5-22,25 are allowed over prior art. 

4. This action is in reply to applicant's correspondence of 02 September 2004. 

5. The following is an examiner's statement of reasons for the indication of allowable 
claimed subject matter. 

6. As per claims 1,1 1,17, and 22, prior art of record, Devine et al, U.S. Patent 6,598,167 B2, 
fails to teach, alone, or in combination, of; 

(Claim 1) "A method for executing a signed applet packaged in a given file, 
comprising: 
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upon loading a class, determining whether a signature in the given file 
type applies to the class, 

if so, executing a verification procedure to verify the signature and the 
identity of a signer that generated the signature; 

following a successful verification, determining whether the signer is 
identified in a policy entry; 

if the signer is identified in the policy entry, populating a permission set 
for the class, 

wherein the signature is verified using a given algorithm used to sign the 
applet, and 

wherein the step of populating the permission set for the class awards the 
class a permission as specified in the policy entry." 

(Claim 11) "A method for executing a signed applet packaged in a given file, 
comprising: 

upon loading each class, determining whether any signatures in the given 
file applies to the class, 

if so, executing a verification procedure to verify the signature and the 
identity of a signer that generated the signature; 

following a successful verification, determining whether the signer is 
identified in a policy entry, 
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if the signer is identified in the policy entry, awarding the class a 
permission as identified in the policy entry, 

responsive to a request that requires a permission, using the permission for 
the class to determine whether the class has the permission, and 

wherein the signature is verified using a given algorithm used to sign the 
applet" 

(Claim 17) "A computer program product including computer usable code for use in a 
Java runtime environment (IRE), comprising: 

an applet class loader for loading a set of applet classes archived in a 
signed file; 

a set of signature engine classes for verifying applet class signatures; 

a security manager class callable by the applet class loader upon receipt 
of an initial request that requires a given permission and, in response thereto 
invoking a policy file class that verifies a signer based on the existence of a 
matching certificate in a set of keystores; 

wherein at least one signature engine verifies signatures using a given 
algorithm used to sign the applet classes archived in a signed file; and 

wherein for populating a permission set for the class, wherein the class is 
awarded a permission as specified in the policy file class managed by the security 
manager class." 
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(Claim 22) 



tt 



A system, comprising: 



a browser; 

a Java runtime environment; 
a set of keystores; 

an applet class loader for loading a set of applet classes archived in a 
signed file; 

a set of signature engine classes for verifying applet class signatures; 

a security manager class callable by the applet class loader upon receipt 
of an initial request that requires a given permission and, in response thereto, 
invoking a policy file class that verifies a signer based on the existence of a 
matching certificate in the set of keystores; 

a means for populating a permission set for the class, wherein the class is 
awarded a permission as specified in a policy entry in a database managed by the 
security manager class; and 

wherein at least one signature engine verifies signatures using a given 
algorithm used to sign the applet " 



1. The italicized above claim elements dealing with (for example; claim 1) " ... determining 
whether a signature in the given file type applies to the class ...verify the signature and the 
identity of a signer ... determining whether the signer is identified in a policy entry ... 
populating a permission set for the class ... given algorithm used to sign the applet ... awards 
the class a permission as specified in the policy entry. " serving to patently distinguish the 
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invention from prior art. Specifically, while the use of alternate applet class packaging per se on 
a developer/user browser requirements basis (i.e., ".CAB", "JAR" file, signature verification 
database/certificate and associated development/module assembly software tools/technologies) is 
known in the prior art (i.e., see Griscom, Daniel, "Code Signing for Java Applets", Daniel T. 
Griscom Web site H http://www.boran.com/security/Doc_CodeSigning.html#both H ,1998, entire 
document), the use of an single integrated framework that via signature verification (of the 
signer) builds a permission structure (i.e., a set) usable during applet run time/user utilization (at 
which permission is a function of the original policy associated now with the verified signer 
identity), is patently distinct in the art. Further, the use of the Java Plug-in module part of the 
supplied (with the Java Runtime Environment) to effect a partial multi-browser environment is 
also known in the art; finding specific utilization in limited instances where the JDK/Netscape 
environments dominate the applicationsAVEB services (i.e., see disclosure, pp. 1-3), but the 
single integrated environment of the applicants invention clearly negates the need for such 
limited solutions. 

As per the applicants arguments in the previous remarks in the Amendment (September 
02, 2004), the examiner finds the applicant's arguments to be persuasive in that the art of record 
(Devine et al) does not teach or suggest the use of an integrated framework for executing a 
signed applet packaged in a given file utilizing the said claimed aspects and limitations as recited 
above. These aspects serving to patently distinguish the invention from the prior art of record. 

Prior art of record specifically deals with said partial limited solutions. There is nowhere 
implicitly or explicitly any mention of integrated, let alone a framework (i.e., the 
developing/packaging and user runtime/browser/verification/permission) oriented enviroment. 
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However, the claim language clearly associates the applicant's invention to the Java 
based technologies per se. This is in contrast to object oriented software/environments and 
technologies in general (i.e., " NET", C++, etc.). 

Claim 1 1 deals with permission per se (versus the permission set aspect of claim 1) and 
subsequent user use/running thereof, of the applet and associated class aspects. 

8. Claims 17,22 deal with the software embodiment and system aspects of the methods of 
claim 1. 

9. Dependent claims 3,5-10,12-16,18-21, and 25 are allowable by virtue of their 
dependencies. 



10. Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (571) 272-3861, and whose 
unofficial Fax number is (571) 273-3861. The examiner can normally be reached Monday 
through Thursday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (571) 272-3795. The Fax number for the organization 
where this application is assigned is 703-872-9306. A 



Conclusion 



Ronald Baum 



Patent Examiner 




